linux/drivers
Andreas Kemnade 4c761daf8b net: hso: register netdev later to avoid a race condition
If the netdev is accessed before the urbs are initialized,
there will be NULL pointer dereferences. That is avoided by
registering it when it is fully initialized.

This case occurs e.g. if dhcpcd is running in the background
and the device is probed, either after insmod hso or
when the device appears on the usb bus.

A backtrace is the following:

[ 1357.356048] usb 1-2: new high-speed USB device number 12 using ehci-omap
[ 1357.551177] usb 1-2: New USB device found, idVendor=0af0, idProduct=8800
[ 1357.558654] usb 1-2: New USB device strings: Mfr=3, Product=2, SerialNumber=0
[ 1357.568572] usb 1-2: Product: Globetrotter HSUPA Modem
[ 1357.574096] usb 1-2: Manufacturer: Option N.V.
[ 1357.685882] hso 1-2:1.5: Not our interface
[ 1460.886352] hso: unloaded
[ 1460.889984] usbcore: deregistering interface driver hso
[ 1513.769134] hso: ../drivers/net/usb/hso.c: Option Wireless
[ 1513.846771] Unable to handle kernel NULL pointer dereference at virtual address 00000030
[ 1513.887664] hso 1-2:1.5: Not our interface
[ 1513.906890] usbcore: registered new interface driver hso
[ 1513.937988] pgd = ecdec000
[ 1513.949890] [00000030] *pgd=acd15831, *pte=00000000, *ppte=00000000
[ 1513.956573] Internal error: Oops: 817 [#1] PREEMPT SMP ARM
[ 1513.962371] Modules linked in: hso usb_f_ecm omap2430 bnep bluetooth g_ether usb_f_rndis u_ether libcomposite configfs ipv6 arc4 wl18xx wlcore mac80211 cfg80211 bq27xxx_battery panel_tpo_td028ttec1 omapdrm drm_kms_helper cfbfillrect snd_soc_simple_card syscopyarea cfbimgblt snd_soc_simple_card_utils sysfillrect sysimgblt fb_sys_fops snd_soc_omap_twl4030 cfbcopyarea encoder_opa362 drm twl4030_madc_hwmon wwan_on_off snd_soc_gtm601 pwm_omap_dmtimer generic_adc_battery connector_analog_tv pwm_bl extcon_gpio omap3_isp wlcore_sdio videobuf2_dma_contig videobuf2_memops w1_bq27000 videobuf2_v4l2 videobuf2_core omap_hdq snd_soc_omap_mcbsp ov9650 snd_soc_omap bmp280_i2c bmg160_i2c v4l2_common snd_pcm_dmaengine bmp280 bmg160_core at24 bmc150_magn_i2c nvmem_core videodev phy_twl4030_usb bmc150_accel_i2c tsc2007
[ 1514.037384]  bmc150_magn bmc150_accel_core media leds_tca6507 bno055 industrialio_triggered_buffer kfifo_buf gpio_twl4030 musb_hdrc snd_soc_twl4030 twl4030_vibra twl4030_madc twl4030_pwrbutton twl4030_charger industrialio w2sg0004 ehci_omap omapdss [last unloaded: hso]
[ 1514.062622] CPU: 0 PID: 3433 Comm: dhcpcd Tainted: G        W       4.11.0-rc8-letux+ #1
[ 1514.071136] Hardware name: Generic OMAP36xx (Flattened Device Tree)
[ 1514.077758] task: ee748240 task.stack: ecdd6000
[ 1514.082580] PC is at hso_start_net_device+0x50/0xc0 [hso]
[ 1514.088287] LR is at hso_net_open+0x68/0x84 [hso]
[ 1514.093231] pc : [<bf79c304>]    lr : [<bf79ced8>]    psr: a00f0013
sp : ecdd7e20  ip : 00000000  fp : ffffffff
[ 1514.105316] r10: 00000000  r9 : ed0e080c  r8 : ecd8fe2c
[ 1514.110839] r7 : bf79cef4  r6 : ecd8fe00  r5 : 00000000  r4 : ed0dbd80
[ 1514.117706] r3 : 00000000  r2 : c0020c80  r1 : 00000000  r0 : ecdb7800
[ 1514.124572] Flags: NzCv  IRQs on  FIQs on  Mode SVC_32  ISA ARM  Segment none
[ 1514.132110] Control: 10c5387d  Table: acdec019  DAC: 00000051
[ 1514.138153] Process dhcpcd (pid: 3433, stack limit = 0xecdd6218)
[ 1514.144470] Stack: (0xecdd7e20 to 0xecdd8000)
[ 1514.278411] [<bf79c304>] (hso_start_net_device [hso]) from [<bf79ced8>] (hso_net_open+0x68/0x84 [hso])
[ 1514.288238] [<bf79ced8>] (hso_net_open [hso]) from [<c068d958>] (__dev_open+0xa0/0xf4)
[ 1514.296600] [<c068d958>] (__dev_open) from [<c068dba4>] (__dev_change_flags+0x8c/0x130)
[ 1514.305023] [<c068dba4>] (__dev_change_flags) from [<c068dc60>] (dev_change_flags+0x18/0x48)
[ 1514.313934] [<c068dc60>] (dev_change_flags) from [<c06feaa8>] (devinet_ioctl+0x348/0x714)
[ 1514.322540] [<c06feaa8>] (devinet_ioctl) from [<c066a948>] (sock_ioctl+0x2b0/0x308)
[ 1514.330627] [<c066a948>] (sock_ioctl) from [<c0282c90>] (vfs_ioctl+0x20/0x34)
[ 1514.338165] [<c0282c90>] (vfs_ioctl) from [<c0283654>] (do_vfs_ioctl+0x82c/0x93c)
[ 1514.346038] [<c0283654>] (do_vfs_ioctl) from [<c02837b0>] (SyS_ioctl+0x4c/0x74)
[ 1514.353759] [<c02837b0>] (SyS_ioctl) from [<c0107040>] (ret_fast_syscall+0x0/0x1c)
[ 1514.361755] Code: e3822103 e3822080 e1822781 e5981014 (e5832030)
[ 1514.510833] ---[ end trace dfb3e53c657f34a0 ]---

Reported-by: H. Nikolaus Schaller <hns@goldelico.com>
Signed-off-by: Andreas Kemnade <andreas@kemnade.info>
Reviewed-by: Johan Hovold <johan@kernel.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2017-04-28 16:11:48 -04:00
..
accessibility
acpi ACPI / power: Avoid maybe-uninitialized warning 2017-04-19 22:46:10 +02:00
amba
android sched/headers: Prepare for new header dependencies before moving code to <linux/sched/signal.h> 2017-03-02 08:42:29 +01:00
ata sata_via: Enable hotplug only on VT6421 2017-04-11 09:12:18 +09:00
atm sched/headers: Prepare to move signal wakeup & sigpending methods from <linux/sched.h> into <linux/sched/signal.h> 2017-03-02 08:42:32 +01:00
auxdisplay auxdisplay: img-ascii-lcd: add missing sentinel entry in img_ascii_lcd_matches 2017-03-16 16:59:55 +09:00
base drivers core: remove assert_held_device_hotplug() 2017-03-16 16:56:19 -07:00
bcma
block mtip32xx: pass BLK_MQ_F_NO_SCHED 2017-04-19 14:15:45 -06:00
bluetooth Bluetooth: btqcomsmd: fix compile-test dependency 2017-03-22 19:22:04 -07:00
bus ARM: SoC driver updates 2017-02-23 15:57:04 -08:00
cdrom Merge branch 'for-4.11/next' into for-4.11/linus-merge 2017-02-17 14:08:19 -07:00
char Fixes /dev/mem to read back zeros for System RAM areas in the 1MB exception 2017-04-14 08:57:20 -07:00
clk Allwinner clock fixes for 4.11 2017-04-17 11:04:12 -07:00
clocksource Merge branch 'timers-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2017-04-02 09:22:03 -07:00
connector
cpufreq cpufreq: Bring CPUs up even if cpufreq_online() failed 2017-04-13 03:38:44 +02:00
cpuidle cpuidle: powernv: Pass correct drv->cpumask for registration 2017-03-29 22:55:36 +02:00
crypto Merge branch 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6 2017-04-10 09:37:43 -07:00
dax device-dax: switch to srcu, fix rcu_read_lock() vs pte allocation 2017-04-12 13:45:18 -07:00
dca
devfreq scripts/spelling.txt: add "followings" pattern and fix typo instances 2017-02-27 18:43:47 -08:00
dio
dma dmaengine: Fix array index out of bounds warning in __get_unmap_pool() 2017-03-14 10:11:27 +05:30
dma-buf sched/headers: Prepare to move signal wakeup & sigpending methods from <linux/sched.h> into <linux/sched/signal.h> 2017-03-02 08:42:32 +01:00
edac EDAC, pnd2_edac: Fix reported DIMM number 2017-03-26 09:36:28 +02:00
eisa
extcon extcon: int3496: Set the id pin to direction-input if necessary 2017-03-22 18:29:48 +09:00
firewire Merge branch 'idr-4.11' of git://git.infradead.org/users/willy/linux-dax 2017-02-28 20:29:41 -08:00
firmware efi/libstub: Skip GOP with PIXEL_BLT_ONLY format 2017-04-05 09:20:18 +02:00
fmc
fpga fpga zynq: Use the scatterlist interface 2017-02-10 15:20:44 +01:00
fsi drivers/fsi: add driver to device matches 2017-02-10 15:19:48 +01:00
gpio ACPI / gpio: do not fall back to parsing _CRS when we get a deferral 2017-03-30 11:08:46 +02:00
gpu Merge branch 'linux-4.11' of git://github.com/skeggsb/linux into drm-fixes 2017-04-13 09:56:05 +10:00
hid Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/hid 2017-04-20 12:26:10 -07:00
hsi sched/headers: Prepare to move signal wakeup & sigpending methods from <linux/sched.h> into <linux/sched/signal.h> 2017-03-02 08:42:32 +01:00
hv Drivers: hv: vmbus: Don't leak memory when a channel is rescinded 2017-03-16 16:42:33 +09:00
hwmon hwmon: (asus_atk0110) fix uninitialized data access 2017-03-23 12:01:57 -07:00
hwspinlock
hwtracing intel_th: pci: Add Gemini Lake support 2017-03-15 14:55:18 +02:00
i2c i2c: mux: pca954x: Add missing pca9546 definition to chip_desc 2017-03-24 12:22:18 +01:00
ide sched/headers: Prepare for new header dependencies before moving code to <linux/sched/task_stack.h> 2017-03-02 08:42:36 +01:00
idle Power management turbostat utility updates for v4.11-rc1 2017-03-02 17:41:27 -08:00
iio iio: hid-sensor-attributes: Fix sensor property setting failure. 2017-04-02 11:44:03 +01:00
infiniband Merge git://git.kernel.org/pub/scm/linux/kernel/git/nab/target-pending 2017-04-11 23:51:58 -07:00
input Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input 2017-04-21 09:13:43 -07:00
iommu Merge branch 'for-joerg/arm-smmu/fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/will/linux into iommu/fixes 2017-03-22 23:59:56 +01:00
ipack
irqchip irqchip/irq-imx-gpcv2: Fix spinlock initialization 2017-04-14 10:55:05 +02:00
isdn isdn: kcapi: avoid uninitialized data 2017-03-28 17:59:33 -07:00
leds sched/headers: Prepare for new header dependencies before moving code to <linux/sched/loadavg.h> 2017-03-02 08:42:27 +01:00
lguest sched/headers: Prepare to move signal wakeup & sigpending methods from <linux/sched.h> into <linux/sched/signal.h> 2017-03-02 08:42:32 +01:00
lightnvm lightnvm: set default lun range when no luns are specified 2017-02-15 08:27:21 -07:00
macintosh powerpc/pmac: Fix crash in dma-mapping.h with NULL dma_ops 2017-03-10 14:17:23 +11:00
mailbox sched/headers: Prepare to move signal wakeup & sigpending methods from <linux/sched.h> into <linux/sched/signal.h> 2017-03-02 08:42:32 +01:00
mcb
md Merge branch 'for-linus' of git://git.kernel.dk/linux-block 2017-04-08 11:56:58 -07:00
media media fixes for v4.11-rc4 2017-03-24 13:34:16 -07:00
memory Linux 4.11-rc1 2017-03-06 08:37:53 -08:00
memstick Merge branch 'for-4.11/next' into for-4.11/linus-merge 2017-02-17 14:08:19 -07:00
message SCSI misc on 20170220 2017-02-21 11:51:42 -08:00
mfd staging/iio driver patches for 4.11-rc1 2017-02-22 12:14:01 -08:00
misc Char/Misc driver fixes for 4.11-rc4 2017-03-26 11:15:54 -07:00
mmc mmc: sdhci-esdhc-imx: increase the pad I/O drive strength for DDR50 card 2017-04-20 14:41:05 +02:00
mtd ubi/upd: Always flush after prepared for an update 2017-03-30 09:27:11 +02:00
net net: hso: register netdev later to avoid a race condition 2017-04-28 16:11:48 -04:00
nfc scripts/spelling.txt: add "omited" pattern and fix typo instances 2017-02-27 18:43:47 -08:00
ntb ntb: ntb_hw_intel: link_poll isn't clearing the pending status properly 2017-02-16 23:11:26 -05:00
nubus
nvdimm libnvdimm: band aid btt vs clear poison locking 2017-04-10 17:21:45 -07:00
nvme nvme: Quirk APST off on "THNSF5256GPUK TOSHIBA" 2017-04-20 14:42:10 -06:00
nvmem
of DeviceTree updates for 4.11: 2017-02-22 19:23:14 -08:00
oprofile sched/headers: Prepare to move the get_task_struct()/put_task_struct() and related APIs from <linux/sched.h> to <linux/sched/task.h> 2017-03-02 08:42:40 +01:00
parisc Merge branch 'parisc-4.11-1' of git://git.kernel.org/pub/scm/linux/kernel/git/deller/parisc-linux 2017-03-03 16:20:06 -08:00
parport parport: fix attempt to write duplicate procfiles 2017-03-16 17:32:21 +09:00
pci PCI: hisi: Fix DT binding (hisi-pcie-almost-ecam) 2017-04-12 10:46:47 -05:00
pcmcia
perf sched/headers: Prepare for new header dependencies before moving code to <linux/sched/clock.h> 2017-03-02 08:42:27 +01:00
phy phy: qcom-usb-hs: Add depends on EXTCON 2017-03-09 15:29:57 +05:30
pinctrl pinctrl: cherryview: Add a quirk to make Acer Chromebook keyboard work again 2017-04-11 10:09:39 +02:00
platform platform-drivers-x86 for v4.11-2 2017-03-13 13:23:43 -07:00
pnp
power scripts/spelling.txt: add "intialization" pattern and fix typo instances 2017-02-27 18:43:47 -08:00
powercap
pps
ps3 sched/headers: Prepare for new header dependencies before moving code to <linux/sched/signal.h> 2017-03-02 08:42:29 +01:00
ptp PTP: fix ptr_ret.cocci warnings 2017-03-20 16:25:06 +01:00
pwm pwm: rockchip: State of PWM clock should synchronize with PWM enabled state 2017-04-06 15:08:52 +02:00
rapidio drivers/rapidio/devices/tsi721.c: make module parameter variable name unique 2017-03-31 17:13:30 -07:00
ras
regulator regulator: Updates for v4.11 2017-02-20 17:23:57 -08:00
remoteproc remoteproc: qcom: fix QCOM_SMD dependencies 2017-03-20 14:45:44 -07:00
reset reset: add exported __reset_control_get, return NULL if optional 2017-04-04 17:36:10 +02:00
rpmsg virtio, vhost: optimizations, fixes 2017-03-02 13:53:13 -08:00
rtc sched/headers: Prepare to move signal wakeup & sigpending methods from <linux/sched.h> into <linux/sched/signal.h> 2017-03-02 08:42:32 +01:00
s390 Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2017-04-05 20:17:38 -07:00
sbus
scsi SCSI fixes on 20170424 2017-04-24 13:31:08 -07:00
sfi
sh
sn
soc sched/headers: Prepare to move signal wakeup & sigpending methods from <linux/sched.h> into <linux/sched/signal.h> 2017-03-02 08:42:32 +01:00
spi sched/headers: Prepare for new header dependencies before moving code to <uapi/linux/sched/types.h> 2017-03-02 08:42:27 +01:00
spmi
ssb
staging staging: android: ashmem: lseek failed due to no FMODE_LSEEK. 2017-04-08 12:13:11 +02:00
target tcmu: Skip Data-Out blocks before gathering Data-In buffer for BIDI case 2017-04-02 16:18:51 -07:00
tc
thermal thermal: cpu_cooling: Check OPP for errors 2017-03-13 10:06:55 +08:00
thunderbolt
tty Revert "tty: don't panic on OOM in tty_set_ldisc()" 2017-04-14 10:59:56 +02:00
uio sched/headers: Prepare to move signal wakeup & sigpending methods from <linux/sched.h> into <linux/sched/signal.h> 2017-03-02 08:42:32 +01:00
usb Merge git://git.kernel.org/pub/scm/linux/kernel/git/nab/target-pending 2017-04-11 23:51:58 -07:00
uwb uwb: i1480-dfu: fix NULL-deref at probe 2017-03-14 17:07:31 +08:00
vfio VFIO fixes for v4.11-rc4 2017-03-24 14:39:36 -07:00
vhost vhost-vsock: add pkt cancel capability 2017-03-21 14:41:46 -07:00
video backlight: pwm_bl: Fix GPIO out for unimplemented .get_direction() 2017-04-19 19:59:44 +01:00
virt
virtio virtio-pci: Remove affinity hint before freeing the interrupt 2017-04-11 00:30:20 +03:00
vlynq
vme
w1 sched/headers: Prepare for new header dependencies before moving code to <linux/sched/signal.h> 2017-03-02 08:42:29 +01:00
watchdog watchdog: retu: restore MFD dependency 2017-03-01 06:15:10 -08:00
xen xenbus: remove transaction holder from list before freeing 2017-04-04 10:11:06 -04:00
zorro
Kconfig drivers/fsi: Add empty fsi bus definitions 2017-02-10 15:19:48 +01:00
Makefile pci-v4.11-changes 2017-02-23 11:53:22 -08:00